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(54) IC CARD HAVING SECURITY STATUS WITH TIME LIMIT 

(57)Abstract: 

PROBLEM TO BE SOLVED: To prevent an IC card from being illegally used after 
expiration by a person other than the genuine owner. 

SOLUTION: With respect to an IC card having a timer functiona security status 
indicating an authentication valid state is kept only for a prescribed time after 
expiration of the authentication of a card owner and the term of validity of the card 
owner authentication is set to a master key file IEF00 and application key files 
IEF01IEF02 and IEF03. 

CLAIMS 



[Claim(s)] 

[Claim 1]An IC cardwherein security status which shows a card holder's attestation 
effective state after the end of attestation maintains only predetermined time in an IC 
card which has an arithmetic unitmain memoryread-only memorynonvolatile 
memoryand a timer function. 

[Claim 2]An IC card characterized by returning security status or making it blockade 
an applicable application file after the above-mentioned predetermined time passed. 
[Claim 3]An IC card setting the term of validity of card holder attestation as a key file 



in the IC card according to claim 1 or 2. 

[Claim 4]An IC card setting up the term of validity of card holder attestation for every 
application file in the IC card according to claim 1 or 2 at a key file. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]This invention relates to the IC card which prevented the 
continuous illegal use of the IC card by persons other than a true card holder. 
[0002] 

[Description of the Prior Art]As shown in drawing 4 the reader/writer 1 transmits a 
command (command) to IC card 2and the IC card which received this interprets a 
commandand performs processing of writing/read-outand it returns it to the 
reader/writer 1 by making a processing result into a response. 
[0003]As shown in drawing S IC card 2 has CPU2aRAM2bROM2cand EEPROM2d. 
If the command which reads into CPU2a the program memorized by ROM2cand is 
transmitted from the reader/writer 1 is received through an I/O PortThe data 
transmitted with the command is readrequired processing is performeda result is 
written in the predetermined file area of EEPROM2dand a response is outputted 
through an I/O Port. 

the time check which will apply to which and notify interruption to CPU2a if 2e is a 
timer moduleand operates independently of operation of CPU2a and the set-up time 
passes — it is a device. 

[0004]D rawing 6 is what showed EEPROM3 which consists of a field for application 
programsand a field for operating system (OS)When assigning the file of the 
application ABand C in this order from the start address of an application areaA 
directoryB directoryand C directory are simultaneously formed toward a head in order 
of assignment of file area from the last of an application area. A directory is the 
control information on a fileand as shown in drawing 7 it consists of file ID for 
identifying a filethe start address a file is remembered to bearea capacityattribution 
information (information on the right to access (key) of read/write)and a check code. 
[0005]In drawing 6 in the field for OS which followed the field of application. The data 
which OS of the pointer in which the address of the last of the assigned file area is 
shown from the start address shown in the directory and area capacitythe pointer in 
which the directory of the accumulated last is shownetc. uses is set. The field 
between the pointer P and P' is a memory area which can further be assigned. 
[0006]As shown in drawing 8 the command from reader/writer The classification (CLA) 
of a commandThe data length Lc and a data division (file IDarea capacityattribution 
information) are added to a command (INS)the parameter P1and P2and assignment of 



a file is performed by a creation file operation. 
[0007] 

[Problem(s) to be Solved by the Invention]The key (PIN:Personal Identification 
Number) which the card holder inputted from the terminal in the conventional IC card 
is compared with the key stored in the IC cardSince security status was updated 
when in agreementaccess to a file was possible for after it on the level with which it 
is satisfied of security attributes until the IC card was deactivated (state where the 
card was extracted from the contact). 

[0008]In drawing 9 key file IEF00 directly under a master fileExpress a card holder key 
and AP1AP2and AP3 show the application program file in dedicated file 
DFIEF01IEF01and IEF03 are key files in which key PIN1 for accessing each 
application programPIN2and PIN3 are storedrespectively. 
[0009]If PIN which the card holder's attestation (global security status) was 
performed at the time of the PIN input to the key directly under MFand was inputted 
is in agreement with the key of IEFOOUnless the global status shown in drawing 10 is 
updated from 0 to 1 and a card holder's performs authentication is clearly carried out 
by the IC card utilizing system side (contact side) after itOr unless it is deactivated 
by the IC card sidethe first global security status is held. 

[0010]When the power for accessing each dedicated file is lodgedfor exampleit 
accesses application AP1 in this stateit compares with PIN1 of key file IEFOIand if 
this agreesit will become accessible to AP1. At this timethe security status of drawing 
10 is updated from 0 to 1. Security status is the authority that the application file 
concerned can be accessedand does not reach to other applications. 
[001 1]Thussince the first global security status will be held once performs 
authentication is successfulEven if it exchanges a challenge/response (procedure 
which passes a random number mutually by the contact and the IC card sideand 
checks whether a partner is genuine)the performs authentication of the bona fides of 
a cardThere was no means to detect even if the person who is operating it toward a 
contact has changed from the just card holder to another inaccurate operator who 
attested at the time of the original PIN input. 

[0012]Thusas a situation which changes the person who is operating it toward a 
contact to an unjust person from a genuine card holderThe situation forgotten to 
telephone inserting the IC card of SIM (Subscriber Identification Module) in a failure 
to extract and portable telephone of the IC card in a POS register terminal is 
assumed. 

[0013]It is for this invention solving an aforementioned problemand aims at preventing 
the continuous illegal use of the IC card by persons other than a true card holder. 
[0014] 

[Means for Solving the Problem]In an IC card which has an arithmetic unitmain 
memoryread-only memorynonvolatile memoryand a timer functionthis invention 
maintained only time predetermined in security status which shows a card holder's 



attestation effective state after the end of attestation. After this invention passed 
the above-mentioned predetermined timeit returns security status or it was made to 
blockade an applicable application file. This invention set the term of validity of card 
holder attestation as a key file. This invention set the term of validity of card holder 
attestation to every application file as a key file. 
[0015] 

[Embodiment of the Invention]Hereafteran embodiment of the invention is described. 
The IC card of this invention is the same as that of the thing of composition of having 
been shown in drawing S and has a timer function. It is a mechanism in which CPU2a is 
told about this timer function having measured lapsed time using the clock supplied 
from the outsideand the time of the specified term of validity having passedand it 
does not matter even if it realizes by dedicated hardware and the interval timer by 
software realizes. 

[0016]This invention provides the term of validity in security status (attestation 
effective state)When the effective state of the security status after the card holder 
attestation by a card holder s PIN input continues only fixed time and security status 
returns before card holder attestation after fixed time lapseit keeps the continuous 
use after it from being possible. Although setting out of the term of validity is set up 
to global security status and all the security status of each application in the example 
explained belowSetting out of the term of validity is not limited to thisand receives 
the security status of global security status or each applicationfor exampleOr it may 
be made to perform setting up to the security status of important specific application 
etc. suitably. 

[001 7]it is shown in drawing 1 — as — key file IEF00 directly under MFkey file IEF01 
under each application fileIEF02and IEF03 — the record of the term of validity is 
attached to ....respectively. When it may be set up from the beginning or necessity 
arises after thatit may be made to set up this term of validity. For exampleif key file 
IEF00 directly under MF is specified with an authentication commandAfter memorizing 
the present global security status after comparing the value of the key in inputted 
PIN and a file if in agreementglobal security status is updatedand a timer function is 
made to start. The term of validity directed to a timer function is called for by four 
operationssuch as the sum of the term of validity (it is the term of validity of the 
whole cardand sets up beforehandfor example) of IEFOOand the term of validity 
recorded on IEFOIor a differencewhen using application AP1. When using application 
AP2it asks by four operations recorded on each of IEF00 and IEF02such as the sum 
of the term of validityor a difference. The term of validity of IEF00 also does a certain 
operationand it may be made to ask for it. Thusthe term of validity of card holder 
attestation can be set as variable for every application. Of courseeach term of validity 
may be set up by a method like other throats. 

[001 8]D rawing 2 is a figure showing the example of a card holder attestation process 
flowand the arrow with which the arrow which goes to right-hand side from left-hand 



side goes to left-hand side from the command from the terminal side to an IC card 
and right-hand side shows the response sent to the terminal side from an IC card. In 
[ in A1a card holder chooses applicationand ] A2The SELECT file command (file 
selection command) which chooses AP1 is sent to an IC cardandin the case of normal 
terminationa status word (9000) is returned as a response from the IC card side in A3. 
Nextin [ in Via card holder inputs PIN into a terminaland ] V2An authentication 
command (PIN which parameter =IEF00IEF01and a data division = card holder 
inputted) is sentand in V3by the IC card sidecollation of PIN and a timer set are 
performedand if it is normal terminationa status word (9000) will be returned as a 
response. In this statethe right to access of AP1 is acquired and mutual 
command/response are performed by the protocol peculiar to application after P1. In 
Pnif the security status term of validity passes in the meantimein order not to fill 
security statusthe status word 6982 will be returned and it will return to a card holder 
attestation front.And in order to carry out continuous use furtherthe process of 
above V1 and V2 must be performed. 

[001 9]D rawing 3 is a figure showing the example of authentication command 
processingand shows the process flow in the case of acquiring the right to access of 
AP1. If IEF00 and IEF01 are specified with an authentication command and access to 
AP1 is triedlf IEF00 is searched first and IEF00 is foundthe present security status 
will be memorized in a memory and the data division (value of PIN which the card 
holder inputted) of a commandand the record value of IEF00 will be compared (Step 
S1 - S4). If collation is in agreementlEFOI will be searched nextand if IEF01 is 
foundthe term of validity T of security status will be computed (Steps S5-S8). 
Subsequentlya timer function is called and argument T is set as a timer (setting out 
of the term of validity). Subsequentlya response is edited (Step S10) and the 
response of normal termination is returned (Step S1 1). In this waysince the term of 
validity is set upif this term expiresit must stop having to fill security status andin the 
case of continuous useauthenticating processing must be performed again. In Step 
S5when collation of IEF00 goes wrongit flies to Step S10the contents of a response 
are editedand an error is returned. 
[0020] 

[Effect of the Invention]As mentioned aboveaccording to this inventioneven when it 
crosses to the hand of a user with an inaccurate terminal unit which inserted the IC 
card after the PIN input attestation by a genuine IC card holdercontinuous use of the 
IC card by an illegal use person can be prevented. In the system which must attest a 
card holder strictly especially by the system using an IC cardfor examplean electronic 
cash systemSince the IC card itself returns security status to the state before the 
collation attestation by a card holder's PIN periodically by using the IC card of this 
inventionEven if it crosses to an illegal use person's handit becomes impossible to 
satisfy the security attributes of an important cash information fileand a continuous 



illegal use can be prevented. 



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] It is a figure explaining the file structure of this invention. 

[Drawing 2] It is a figure showing the example of a card holder attestation process flow. 

[Drawing 3] It is a figure showing the example of authentication command processing. 

[Drawing 4] It is a figure explaining communication of reader/writer and an IC card. 

[Drawing 5] It is a figure explaining the composition of an IC card. 

[Drawing 6] It is a figure explaining the composition of EEPROM. 

[Drawing 7] It is a figure explaining the composition of a directory. 

[Drawing 8] It is a figure explaining the composition of a command. 

[Drawing 9] It is a figure showing a file structure. 

[Drawing 10] It is a figure explaining security status. 

[Description of Notations] 

1 [ — Timer. ] — Reader/writer2 — An IC card2 a— CPU2 a — RAM2b — ROM2 d— 
EEPROM2e 



